In today’s business world, words like “cloud computing,” “blockchain” and “malware” are used on a daily basis. However, Richard Santalesa often encounters business professionals who are not up to speed in appreciating the relevance of these words.
“You will get people who heard the word, but don’t know anything about it or what the legal issues are,” he said.
And that’s where Santalesa comes in. As founder of Westport-based SmartEdgeLaw Group, Santalesa has staked out a niche that provides companies with legal support related to cutting-edge high-tech issues.
“This area of the law is unique,” he said. “I work very heavily with the business teams and the IT groups and internal legal departments in each firm. And unless you have all three of those together you are going to waste a lot of time or you are not going to have what you need in terms of protection from the vendors or the contracts you are working on.”
A great deal of Santalesa’s ongoing work focuses on legal matters centered on vendor risk analysis and vendor risk. This has become an increasingly vital aspect of corporate life following the 2013 data breach of the retail giant Target, which resulted in a record-setting $18.5 million multistate settlement.
“The way that breach happened was through a heating and ventilation company that had a tie-in to Target’s system just to do invoicing,” he said. “But the security on Target’s site wasn’t set right, so the hackers were able to get in through the heating and ventilation company.”
Santalesa is no stranger to tech issues. His initial career path was as a journalist in the 1990s, when he held editorial positions at publications including NetGuide, Windows User and Computer Shopper magazine. He registered his first domain name in 1994 with PDAwirelessworld.com. It was a forward-looking move in a year when most people were slowly encountering the online world via AOL diskettes and dial-up modems. In the late 1990s, he co-founded Virtual Growth Inc., a New York City-based accounting firm that offered financial and accounting services to startup and new media companies.
In the aftermath of the dot-com era, Santalesa switched his focus to law, receiving his degree from St. John’s University Law School in 2005. He served as legal counsel to Ipsos America Inc. and Fujifilm Holdings America Corp. before becoming co-founder and senior counsel at the tech-focused InfoLawGroup LLP in 2010. He launched SmartEdgeLaw Group in 2014, which he runs as a one-man law firm.
“I am also affiliated with a law firm down in New York City called the Bortstein Legal Group,” he said. “A lot of their clients are financial firms and insurance companies. I love the fact I can work remotely in Connecticut. Usually, I am working at home on the phone and on the computer.”
Santalesa said he has worked with “about 100” clients, although not all of them are currently active. He said soliciting new clients is “what I hate the most — that’s what they don’t teach you in law school.”
From a legal standpoint, Santalesa constantly finds himself in the position of dealing with waves of new laws and regulations that are mandated on state and federal levels.
“I spend easily an hour to an hour and a half each morning reading through the latest news about different breaches and different reports out from data-protection authorities from around the world,” he said, adding that some entities in his client base often face a dilemma in how to deal with the mix of mandates. “What tends to happen in contracts with national companies is they pick the most stringent state (tech regulations), say California and Massachusetts, and align themselves with that one and hope it covers all of the other states’ requirements.”
Santalesa faulted the federal government for often being slow when it comes to addressing high-tech issues. “There have been countless data bills over the last year put forward in some committee that never went anywhere,” he said. “After the Target and Equifax breaches, there were a lot of hearings and a lot of sound and fury, and then another proposal for a national data breach law.”
Still, he noted there were bright spots in the federal environment. He cited the National Institute of Standards and Technology, a nonregulatory agency of the U.S. Department of Commerce, for taking a proactive approach to the subject and working with tech industry stakeholders to examine pressing concerns. “They are very much in line with what is going on and are heavily respected in the IT and legal cybersecurity communities, and we follow all of their guidelines pretty closely.”
At the moment, one of Santalesa’s priorities involves cryptocurrency, which has yet to face in-depth state or federal regulatory controls. “There are tons of legal issues with cryptocurrency, starting with how many there are. Everyone has heard of bitcoin, but there are about 100, with most nobody ever heard of outside of the crypto world. And very few people use cryptocurrency to buy something other than cryptocurrency.”
Santalesa, who declined to discuss his firm’s billings, said he was considering bringing in interns this summer to help with his workload, and he might expand SmartEdgeLaw Group to accommodate an associate. And while he felt that his workload was getting heavier, he expressed no regrets for his pursuit of high-tech law.
“It is lot to keep up with on a daily basis,” he said. “But that’s what I like. It’s nothing like real estate law, where nothing really changes except different fees or different forms.”